For me npm still has a slight edge, but only as it comes with node installations
FYI, but I'm not saying performance is everything, as it isn't https://hackernoon.com/upgrading-from-node-6-to-node-8-a-real-world-performance-comparison-3dfe1fbc92a3 . Steve Lee OpenDirective http://opendirective.com On 8 June 2017 at 09:53, Tony Atkins <[email protected]> wrote: > Hi, All: > > As I mentioned in the architecture meeting, I have been thinking about how > to transition to committing the lock files for yarn and/or npm@5 to our > repos. Once we start accepting yarn.lock or package-lock.json files in > repositories, we need to ensure that these are actually kept up to date, > even if some of us are running another version and/or package manager. > > To me, the natural place to address this is in running tests in QI. There > should be a failure if the lock file does not match the dependencies, and > the failure should be visible as part of PRs under review. > > On this front, yarn gives us better options. Commands like "yarn > outdated" explicitly fail if your dependencies don't match the lock file. > They even have an explicit "yarn check" command > <https://yarnpkg.com/lang/en/docs/cli/check/> which seems purpose-built > to answer this question. Those guard against things like manually editing > your package.json or pulling changes via git without rerunning "yarn > install". What we want is to avoid letting "yarn install" generate a new > lock file. Thankfully "yarn install" supports "--frozen-lockfile" option > that will throw an error if the package.json and yarn.lock are out of sync. > > With npm@5, we don't have a check command or the ability to throw an > error if the lock file doesn't match the package.json file. My initial > thought is that we could run "npm install" and check to see if the lock > file has been updated. As we are working with git repositories, one option > might be to check the output of "git status --porcelain" > <https://stackoverflow.com/questions/5139290/how-to-check-if-theres-nothing-to-be-committed-in-the-current-branch> > after > running the install. Even if we decide to use yarn, we might still want to > add this kind of check, as it also guards against sloppiness in failing to > update our .gitignore to screen out build artifacts, test reports, et > cetera. > > Anyway, not arguing for either yarn or npm@5 here, just pointing out a > key concern and sharing an idea that should allow some of us to exercise > our work with yarn or npm@5 without requiring the rest to immediately > switch. > > Cheers, > > > Tony > > > On Thu, Jun 1, 2017 at 11:48 AM, Tony Atkins <[email protected]> > wrote: > >> Hi, All. >> >> I'm sure a few of you have seen this already, but I thought I'd use it as >> a chance to resume our discussions regarding next-gen package management, >> which previously focused on yarn. The new version of npm seems to be >> pulling in a few yarn-like improvements (lock files, better speed). It >> seems like the one practical change is committing a new type of lock file. >> We'd want to confirm that the new lock files are ignored by earlier >> versions of npm, which is pretty easy to confirm in Vagrant tests. >> >> On that note, I'm volunteering to try this out for a while. My ground >> rules for myself are that whatever changes I commit related to the new >> version, I only expect reviewers to accept and merge if the tests keep >> passing in Vagrant and the version of npm included in the "Apps" images >> (currently 3.10.8). If these are horrible or incomplete ground rules, >> please comment. >> >> Also, if anyone else wants to join me, please reply so I know whom to >> mention in chats on IRC. I'd particularly love to enlist someone who uses >> Windows as their daily driver, as there have been multiple issues unique to >> that environment in the past (I'm looking at you, leveldown). >> >> Cheers, >> >> >> Tony >> >> ---------- Forwarded message ---------- >> From: Isaac Schlueter <[email protected]> >> Date: Wed, May 31, 2017 at 5:06 PM >> Subject: announcing npm@5 >> To: [email protected] >> >> >> Hi! >> >> Starting today, typing `npm install npm@latest -g` will update you to >> npm version 5.0.1. >> >> npm@5 is all new and packed with performance, reliability, and usability >> improvements we know you’ll love. These include a new approach to >> lockfiles, more robust caching, and incredible speed — for many common >> tasks, npm@5 is up to *5x* faster than previous versions. >> >> The update is available now and we recommend it for everyone. Whether >> you’re finding open source packages on the npm Registry, organizing your >> team’s code with Orgs >> <http://s2030806319.t.en25.com/e/er?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&s=2030806319&lid=117&elqTrackId=39916DE6512B37FD8BBCF2D1E413B114&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1>, >> or installing apps behind your firewall with npm Enterprise >> <https://npmjs.com/enterprise?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&utm_source=Eloqua&utm_medium=email&utm_campaign=20170531&elqTrackId=5B7A39B30E640E56C0C318F9225A04A0&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1&elqCampaignId=107>, >> npm@5 will make it faster and easier than ever to build amazing things. >> >> You can learn more about npm@5 here >> <http://s2030806319.t.en25.com/e/er?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&s=2030806319&lid=116&elqTrackId=B90694C8BE3137E70040E0F3EFC1DF23&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1>. >> After you’ve installed it, we hope you’ll let us know what you think >> <http://s2030806319.t.en25.com/e/er?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&s=2030806319&lid=13&elqTrackId=3B624F5AC6BC4FCCBC477A6BCBD47E88&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1>, >> and if you run into trouble, just drop us a line <[email protected]>. >> >> >> npm ♥ you >> >> Isaac Z. Schlueter, CEO >> and the wombats of npm, Inc. >> >> >> npm, Inc. >> 1999 Harrison Street, Suite 1150, Oakland, CA 94612 >> >> unsubscribe >> <http://s2030806319.t.en25.com/e/u?s=2030806319&elq=b465a4f2f0f8488981d3180948b7e71c> >> >> > > _______________________________________________ > Architecture mailing list > [email protected] > http://lists.gpii.net/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list [email protected] http://lists.gpii.net/mailman/listinfo/architecture
